A

Anonymous

Solved

Removing signatures in a digital signature field

Forum|Forum|16 years ago
July 8, 2009
32 replies
281705 views

[Thread Edited By Adobe]

/*Don’t forget to meet and greet your fellow peers virtually by telling them about yourself here.

Go ahead and to it now: https://adobe.ly/3eDnB4v */

Actual Question:

Hi all, I have a question relating to the topic above that i hope
you guys can help me with;

1) Is it possible to remove digital signatures from form? For instance
if you have a form going thru several approval steps that requires
signatures, and then one step happened to reject, it would be nice to
remove the previous signatures so that they could be re-signed.

2) And finally is there a simpler way to combine digital signatures
and rights management then what was listed in the pdf provided by
Duane (second post from the bottom of the thread)? When creating a policy there is

a checkbox for "Filling in form fields and signing". Is this forsomething else?

Thanks!
Billy

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by

1) Is it possible to remove digital signatures from form?

ANSWER: A signature can only be removed ("unsigned") if the system or user has access to the "private" key used to generate the signature in the first place. For example, let's say User A signs a PDF... Only User A can unsign that PDF. If you were to use LC Digital Signatures ES to "unsign" a PDF, you would need to have all of the potential user "Credentials" and Credential passwords stored in the Trust Store so LC would have access to the private keys to be able to unsign a signature field. This is not very feasable if the number of potential signers is large.

2) Is there a simpler way to combine digital signatures and rights management

ANSWER: Combining Digital Signature and Rights Management is not complicated. You just need to be aware of the "Order of Operations" required. Always "Encrypt" first (Rights Mgt, Certificates, and Password can be used for encryption) then "Certify" (assuming you are Certifying the PDF), then add Reader Extension rights (assuming you want to extend functionality of the document for Reader)

The reason the above order is required... When you sign a document, a hash is generated based on the document, if you then encrypt that signed document, you are modifying the document which in turn causes a different hash to be generated... this breaks the signature.

As for the "Filling in form fields and signing" option in a policy, this is a "permission" that you can allow or disallow for PDF forms with a policy applied by RM. For example, A PDF has a policy applied where User A has the "Filling in form fields and signing" permission enabled andf User B does not. User A can open the form and interact with it by filling it in and or sign the form. User B would only be able to "view" the form. This permission is only relevant what using RM to protect fillable PDF forms. Also, it shouldn't be confused with the Reader Extensions permission of allowing Digital Signatures in Reader.

For example, If you wanted a "Certified" form to be filled in and signed by User A with Adobe Reader, you would need to:

Apply a policy to the PDF where User A had the "Filling in form fields and signing" permission enabled, then apply a "Certify" signature which had the "Allow Form Fill and Signing" permission enabled, then Reader Extend the PDF form that enables the "Digital Signatures" permission which activates the Digfital Signatures functionality in Reader for that particular form.

It may sound complicated, but it really isn't

Regards

Steve

Show previous replies

A

Anonymous

Sure thing, I appreciate you taking the time. I've attached a screen shot of the securities tab of the subprocess (RemovePolicyAndSignature), and you can see that I've set the "invoke as" setting to the user gjames.

I've also included a screenshot of the policy "Consultant" in the policy set "Exp" to show that Glenn James (gjames) is a member of the policy as well as the policy set administrator.

I've also included the lca file which has the main process (ExpenseSheet), the subprocess (RemovePolicyAndSignature), and the rendering service (RenderExtendedPolicyPDF) which applies the policy and reader extension.

Thank,

Bilen

A

Anonymous

The LCA file did not make it. Rename the file with a .TXT extension so it will not be blocked.

Thanks

Steve

A

Anonymous

Whhops, here it is again

ExpenseProcess-20-07-2009-1156.txt

A

Anonymous

The screen shots look like the correct configuration. I made a few changes\corrections to your "RemovePolicyAndClearSignature" process, tested and got it working on my system. I attached the new version. By the way, prior to making the changes, I tested and duplicate your coercion error, it was caused by the fact that your "list" variabe had a subtype of document, you were trying to put an object of type "PDFSignatureField" into a "document" variable, therefore the corecion error.

Changes I made included:

1) Changing the "sigLst" variable to have a subtype of "PDFSignatureField" (You had used "document")

2) Created a variabe of type PDFSignatureField, named "objSignatureField"

3) Added a "Set Value" step to map the "PDFSignatureField" object from the "sigLst" variable into the "objSignatureField" variable, and a second mapping to map the "name" attribute of the "objSignatureField" (which hold the PDFSignatureField") into the "signatureName" variable of type string

I set the service security to "RunAs" a named user, this named user was a member of the policy, and had "Modify" permissions. I invoked the process from Workbench and was able to see that the resulting PDF file had the signature cleared from the field.

Hope this helps.

Regards

Steve

MODIFIEDRemovePolicyAndClearSignature-1-0.xml

A

Anonymous

hmmm, i'm still having the No View Permission when trying to invoke the subprocess through the expensesheet process. Just out of curiosity does the policy get imported as well when with th e lca? Did you get the No View Permission when you ran it on your system for the first time?

Thanks,

Billy

A

Anonymous

Policy Set and Policies do not come across as part of an LCA (neither do trust Store settings either)

I created my own test policy and did not get the "No View Permission" error. Can you test the process I posted (invoke from Workbench, with the "Run As" set to your user) with your policy and document to see if you get the error.

Regards

Steve

A

Anonymous

No, i still have problems, I tried setting the user to various different users in the policy. I'm guessing its just the way that I'm setting the policy, though for the life of me i can't imagine what i'm doing wrong. Is there an online resource somewhere that goes step by step on how to create a policy?

I'm also wondering though, I'm getting a Not Serializable error coming up as well, can this have anything to do with it?

A

Anonymous

I'll take a look at your other processes. I'll let you know what I find shortly.

Are you using "Record and Playback"? What step in the process is causing the Not Serializable error?

Regards

Steve

A

Anonymous

I get the not serializable error when i run the process, but when i play it back it only shows the no view permission. I included a screenshot to show what i mean.

Thanks

Billy

A

Anonymous

Billy

I tested everything again (including your render service, and your Expense process), ands was able to run the process(es) successfully, with no errors.

I did however create my own policy set and policy which I set in your render service.

On your end, it has to be an issue between the policy and the user that you are defining as the "Run As" account.

Can you now post a screen shot of the Policy configuration, including the specific permission details for the user "glennj".

Regards

Steve

Show more replies

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded